STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM z/OS user account for the UNIX (RMFGAT) must be properly defined.

DISA Rule

SV-223861r604139_rule

Vulnerability Number

V-223861

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

RACF-US-000240

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Define the RMFGAT user account as specified below:

Default group specified as OMVSGRP or STCOMVS
A unique, non-zero UID
HOME directory specified as “/”
Shell program specified as “/bin/sh”

Check Contents

RMFGAT is the userid for the Resource Measurement Facility (RMF) Monitor III Gatherer.

If RMFGAT is not defined, this is Not Applicable.

From a command input screen enter:
LISTUSER (RMFGAT) OMVS

If RMFGAT is defined as follows, this is not a finding.

Default group specified as OMVSGRP or STCOMVS
A unique, non-zero UID
HOME directory specified as “/”
Shell program specified as “/bin/sh”

Vulnerability Number

V-223861

Documentable

False

Rule Version

RACF-US-000240

Severity Override Guidance

RMFGAT is the userid for the Resource Measurement Facility (RMF) Monitor III Gatherer.

If RMFGAT is not defined, this is Not Applicable.

From a command input screen enter:
LISTUSER (RMFGAT) OMVS

If RMFGAT is defined as follows, this is not a finding.

Default group specified as OMVSGRP or STCOMVS
A unique, non-zero UID
HOME directory specified as “/”
Shell program specified as “/bin/sh”

Check Content Reference

M

Target Key

4101

Comments